package com.gopay.cashier.security;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

public class CustomFormAuthenticationFilter extends FormAuthenticationFilter {

    private static final Logger log = Logger.getLogger(CustomFormAuthenticationFilter.class);

    @Override
    public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        if (!super.onPreHandle(request, response, mappedValue)) {
            return false;
        }
        // 判断当前Session是否已经失效
        HttpServletRequest req = (HttpServletRequest)request;
        if(!req.isRequestedSessionIdValid()){
            log.error("[onPreHandle]Requested Session Id Invalid");
            return false;
        }
        return true;
    }
}
